local jwt = require "resty.jwt"
local jwt_token = ngx.var.arg_jwt
if jwt_token then
    ngx.header['Set-Cookie'] = "jwt=" .. jwt_token
else
    jwt_token = ngx.var.cookie_jwt
end
ngx.log(ngx.ERR,'get toke ==== ', jwt_token)

--java端生成的jwt格式                                   
--{"iss":"zhijl_web","exp":1536573108,"userId":"11","identityFlag":"629b5b4e-f187-454f-9168-a2fb29e346a2"}  

-- begin to verify
local jwt_obj = jwt:verify(ngx.var.jwt_secret, jwt_token)

--- sign is not ok, and expire 
if not jwt_obj["verified"] or jwt_obj["payload"]["iss"] ~= ngx.var.jwt_iss or jwt_obj["payload"]["userId"] ~= ngx.var.jwt_userId then
    local site = ngx.var.scheme .. "://" .. ngx.var.http_host;
    local args = ngx.req.get_uri_args();
    --ngx.say(jwt_obj.reason);
    ngx.say(' token is invalid!');
    ngx.status = ngx.HTTP_UNAUTHORIZED
    ngx.exit(ngx.HTTP_OK)

    -- or you can redirect to your website to get a new jwt token
    --     -- then redirect back
    --         -- return ngx.redirect("http://your-site-host/get_jwt")
end
